Filtered by vendor Microsoft
Subscribe
Total
19620 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0700 | 1 Microsoft | 1 Content Management Server | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise." | |||||
| CVE-2004-0203 | 1 Microsoft | 1 Exchange Server | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query. | |||||
| CVE-2000-1149 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability. | |||||
| CVE-2002-1824 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. | |||||
| CVE-1999-0585 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-28 | 2.1 LOW | N/A |
| A Windows NT administrator account has the default name of Administrator. | |||||
| CVE-2003-0906 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2024-02-28 | 7.6 HIGH | N/A |
| Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image. | |||||
| CVE-1999-1360 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 2.1 LOW | N/A |
| Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle. | |||||
| CVE-2000-0711 | 2 Microsoft, Netscape | 2 Virtual Machine, Communicator | 2024-02-28 | 7.5 HIGH | N/A |
| Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | |||||
| CVE-2001-0336 | 1 Microsoft | 1 Internet Information Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. | |||||
| CVE-1999-0802 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.6 HIGH | N/A |
| Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon. | |||||
| CVE-2002-0285 | 1 Microsoft | 1 Outlook Express | 2024-02-28 | 7.5 HIGH | N/A |
| Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. | |||||
| CVE-2003-0001 | 4 Freebsd, Linux, Microsoft and 1 more | 5 Freebsd, Linux Kernel, Windows 2000 and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | |||||
| CVE-2001-1088 | 1 Microsoft | 2 Outlook, Outlook Express | 2024-02-28 | 7.5 HIGH | N/A |
| Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. | |||||
| CVE-2002-0372 | 1 Microsoft | 1 Windows Media Player | 2024-02-28 | 7.5 HIGH | N/A |
| Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player". | |||||
| CVE-1999-0258 | 1 Microsoft | 2 Windows 95, Windows Nt | 2024-02-28 | 5.0 MEDIUM | N/A |
| Bonk variation of teardrop IP fragmentation denial of service. | |||||
| CVE-2001-0048 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 7.2 HIGH | N/A |
| The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability. | |||||
| CVE-2002-0422 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 2.6 LOW | N/A |
| IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header. | |||||
| CVE-2002-0698 | 1 Microsoft | 1 Exchange Server | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response. | |||||
| CVE-2001-0004 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
| IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. | |||||
| CVE-2003-0300 | 8 Microsoft, Mozilla, Mutt and 5 more | 8 Outlook Express, Mozilla, Mutt and 5 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | |||||